Remote Docker Repositories

JFrog Artifactory Documentation

ft:sourceType
Paligo

With Docker, you can proxy a remote Docker registry through remote repositories. A Remote Repository defined in Artifactory serves as a caching proxy for a registry managed at a remote URL such as https://registry-1.docker.io/ (which is the Docker Hub), or even a Docker repository managed at a remote site by another instance of Artifactory.

Docker images requested from a remote repository are cached on demand. You can remove downloaded images from the remote repository cache, however, you can not manually push Docker images to a remote Docker repository.

 Action Required to Prevent Docker Remote Registry Restrictions

In lieu of the latest Docker remote repository limitations enforced by Docker, anonymous users will be blocked when reaching the download rate limit of 100 pulls per six hours. To prevent this from happening, you are required to authenticate with Docker Hub, by setting your Docker account user and password in your Remote Docker Repositories.

To define a remote repository to proxy a remote Docker registry follow the steps below:

  1. From the Administration module, select Repositories | Repositories | Remote.

  2. Click New Remote Repository and select Docker from the Select Package Type dialog.

  3. In the Basic tab, set the Repository Key value, and specify the URL to the remote registry in the URL field.

    If you are proxying the Docker Hub, use https://registry-1.docker.io/ as the URL, and make sure the Enable Token Authentication checkbox is checked (these are the default settings).

  4. To use your Docker account type, you need to authenticate the Docker Hub pull requests, by setting your user and password in your basic Docker repository.

    docker__remote__repo__basic__settings__png.png
  5. Click the Advanced tab to configure the Advanced Docker Repository settings you can enable Foreign Layers Caching to allow Artifactory to download foreign layers to a Docker remote repository.

    docker_remote_advanced_tab.png
  6. Select the Enable Foreign Layers Caching checkbox to allow Artifactory to download foreign layers to a Docker remote repository.

  7. You have an option to apply Patterns Allow List by setting Include patterns to match external URLs when trying to download foreign layers.

    Specify an Allow List of Ant-style path expressions that specify where foreign layers may be downloaded from. Supported expressions include (*, **, ?).

    By default, this field is set to ** which means that foreign layers may be downloaded from any external source.

    For example, specifying **/ like in github.com/** will only allow downloading foreign layers from a github.com host.

  8. To configure the Network settings, see Network Settings.

  9. Click Save and Finish.

Docker Repository Path and Domain

When accessing a remote Docker repository through Artifactory, the repository URL must be prefixed with api/docker in the path.

For Example:

http://my-remote-site:8081/artifactory/api/docker/<repository key>